Company Blog

Cyber warfare, Stuxnet, and DNA Fortification of Electronic Supply

Cyber warfare is in the news. Graduating—in the public perception--from the realm of xBox and Playstation, it has become suddenly obvious that warfare using hyper-advanced electronics is deadly serious business. News of “kill switches,” military-grade computer viruses like the “Stars” virus attacks in Iran of the last few days, and other exotic-sounding electronic weapons are all over the internet.

A series of events, in other words, have conspired to spotlight this issue But what is emerging is a single, and scary realization: military electronic systems, using components which may already be in our supply chain, could be deliberately sabotaged in future cyber warfare attacks against this country.

“American defense officials have long worried about foreign countries finding a “backdoor” into the Pentagon's sensitive weapons systems.” As Agence France Press reporter Dan De Luce put it last week.

If, outside the military, this sounds like the stuff of science fiction, or utter paranoia…it isn’t. Cyber warfare was highly developed during the Cold War period. It has been highly refined over several decades. However, the asymmetrical wars of the last ten years or so, such as that in Afganistan, have not been about dueling with high-technology, and as a result, cyber warfare has been far from the public’s eye.

But one event in the Middle East has in a blink, re-awakened the world to real digital combat: because that event was, in every expert’s opinion, itself an act of cyber warfare, and a spectacular success at that. The event was the series of attacks of Stuxnet virus against nuclear facilities in Iran.

(As we write, this attack is apparently being followed on by a destructive virus called Stars, which is attacking Iranian government computers.)

Paradigm shift

“Stuxnet heralds a paradigm shift in cyber warfare…” says the Swedish FOI, a Ministry of Defense research institute, in a report by cyber warfare expert David Lindahl. “It has changed the way we think about cyber warfare conditions in one fell swoop. What has previously purely been the subject of speculation is now a fact.”

But let’s move back in time and get the bigger picture.

On a day, sometime around June, 2009, Iranian technicians at the controversial nuclear facility at Natanz were routinely checking computers reporting on plant operations. The reports showed that all processes were normal. The presence of a heavily fortified ring of military protection around the plant gave, as usual, the added comfort that the plant was physically shielded.

What the technicians did not know was that the plant was in fact at that very minute partially self-destructing under their eyes. At other nuclear facilities the same operational suicide may have taken place over a period of months. At each, the critical controllers, at the heart of each facility, began spinning up the reactors’ centrifuge erratically and wildly, until the plant became essentially inoperable or was purposely shut down.

High-tech tactics

It’s estimated that one-fifth of Iran’s nuclear capacity was disabled in three waves of Stuxnet attacks between June 2009, and May, 2010 according to the anti-virus firm Symantec.

Early this year, the New York Times and other publications began to piece together the whole of what had happened. In an article in January 2011, the paper revealed that a new, mysterious computer virus, Stuxnet, had been loosed on the nuclear plants, designed to spin up the controllers just as occurred. Meanwhile, according to expert Ralph Langner, the Stuxnet virus code had secretly recorded computer reports of normal operations and fooled the Iranian plant operators by playing the recording back to them. Result: the controllers seemed to be running normally even while they spun to their own destruction. The virus also sent back information recording the success and other data about its attacks.

No one openly admits to being the creator of the virus, but in any case, expert Langner states, “Code analysis makes it clear that Stuxnet is not about sending a message or proving a concept. It is about destroying its targets with utmost determination in military style.” In this regard, the attack was conducted with brilliant precision.

The key point is that, by every account, the creators of the virus knew the vulnerabilities — the backdoor — of the centrifuge controllers well in advance. Without those vulnerabilities, and knowledge of them, no virus could have been created.

Supply chain defense critical: DNA marking the key

Just how the Natanz backdoor became known is unclear, to say the least. No one, so far as we know, is saying that a backdoor was deliberately introduced into the ill-fated controllers there. But the threat is that in the future, backdoors could be smuggled into critical U.S. electronic systems and could indeed lay the ground for future sabotage.

Supply chain insecurity opens the door to those threats. And clearly supply chain protection is the key to defending against them. That points to the critical importance of programs based on Applied DNA Sciences DNA marking: these provide the premier defense against infiltration of our supply chains